From 28263c0247fdf6108f7b102f56c44d03e0f788bd Mon Sep 17 00:00:00 2001 From: Dmitriy Date: Wed, 25 Sep 2019 20:47:27 +0400 Subject: [PATCH] Changes --- install/install.sh | 52 +++++++++++++++++++++++------- modules/applications/packages.nix | 3 ++ modules/default.nix | 1 + modules/filesystems.nix | 2 ++ modules/mullvad.nix | 50 ++++++++++++++++++++++++++++ modules/network.nix | 2 ++ modules/packages.nix | 7 ++++ secret.nix.gpg | Bin 626 -> 626 bytes 8 files changed, 106 insertions(+), 11 deletions(-) create mode 100644 modules/mullvad.nix diff --git a/install/install.sh b/install/install.sh index 0d135a7..ff86fa6 100644 --- a/install/install.sh +++ b/install/install.sh @@ -1,4 +1,9 @@ #!/usr/bin/env bash +ENCRYPT_ROOT=true +ENCRYPT_SWAP=false +FORMAT_BOOT_PARTITION=false + +DEVICE_NAME=NixOS-VM DEVICE=/dev/nvme0n1 BOOT_PARTITION=/dev/nvme0n1p1 SWAP_PARTITION=/dev/nvme0n1p3 @@ -6,12 +11,22 @@ ROOT_PARTITION=/dev/nvme0n1p2 SWAP_NAME=cryptswap ROOT_NAME=cryptnixos + gdisk $DEVICE -# mkfs.vfat -n BOOT $BOOT_PARTITION -cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION -cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME -mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME +# Format boot partition +if [[ "$FORMAT_BOOT_PARTITION" == true ]]; then + mkfs.vfat -n BOOT $BOOT_PARTITION +fi +# Create luks partition +if [[ "$ENCRYPT_ROOT" == true ]]; then + cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION + cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME + mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME +else + mkfs.btrfs -f -L root $ROOT_PARTITION +fi +# read -p "Press enter to continue" mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt btrfs subvolume create /mnt/@nixos btrfs subvolume create /mnt/@nix-store 
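Review bot: The script still has no `set -euo pipefail` under the shebang, so after the new flag block a failed `gdisk`, `cryptsetup luksFormat` or `mkfs.btrfs` does not stop execution and the later `mount`, `btrfs subvolume create` and `dd` lines may end up acting on the installer host's own /mnt. Add `set -euo pipefail` directly after `#!/usr/bin/env bash`, above `ENCRYPT_ROOT=true`. The new `ENCRYPT_ROOT`/`ENCRYPT_SWAP`/`FORMAT_BOOT_PARTITION` flags are undocumented; a one-line comment per flag stating what it skips, e.g. `# ENCRYPT_ROOT=false puts btrfs directly on $ROOT_PARTITION (no LUKS)`, would help. `$DEVICE` and the partition variables are used unquoted throughout (`gdisk $DEVICE`); quoting them is cheap and consistent with the quoted `[[ "$ENCRYPT_ROOT" == true ]]` tests this commit adds.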
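Review bot: The new `else` branch formats btrfs directly on `$ROOT_PARTITION`, but the unchanged `mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt` right after the `fi` still mounts the LUKS mapper device, which does not exist when `ENCRYPT_ROOT=false`; the mount fails and the `btrfs subvolume create /mnt/...` commands that follow then run against whatever is mounted at /mnt on the installer host. Set a device variable in both branches — `ROOT_DEVICE=/dev/mapper/$ROOT_NAME` after the `luksOpen` line and `ROOT_DEVICE=$ROOT_PARTITION` in the `else` — and mount `$ROOT_DEVICE`. The subvolume mounts further down (`subvol=@home` and `subvol=@nix-store`, partly outside this hunk) need the same substitution, otherwise the unencrypted path is still broken after this fix.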
@@ -27,16 +42,31 @@ mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store btrfs subvolume create /mnt/tmp btrfs subvolume create /mnt/var +# read -p "Press enter to continue" +# Mount boot mkdir /mnt/boot mount $BOOT_PARTITION /mnt/boot -# create swap -dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key -cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION -cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME -mkswap -L swap /dev/mapper/cryptswap -swapon -L swap +# read -p "Press enter to continue" +# Create swap +if [[ "$ENCRYPT_SWAP" == true ]]; then + dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key + cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION + cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME + mkswap -L swap /dev/mapper/cryptswap +else + mkswap -L swap $SWAP_PARTITION +fi +# Generate config (hardware) nixos-generate-config --root /mnt/ -cp ./min-config.nix /mnt/etc/nixos/configuration.nix +# Copy config to new system +mkdir -p /mnt/root/nixos-config +cp -r $(pwd)/.. /mnt/root/nixos-config +echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix nano /mnt/etc/nixos/configuration.nix +sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix +read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue" read -p "Press enter to continue" nixos-install -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz +sed -i 's/\/mnt\/etc\/nixos/\/etc\/nixos/g' /mnt/root/nixos-config/default.nix +sed -i 's/\/mnt\/root/\/root/g' /mnt/etc/nixos/configuration.nix +read -p "Installation complete!" 
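Review bot: `dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key` creates the LUKS key file with the default umask, so it can be left readable by other users on the installed system before `cryptsetup --key-file /mnt/root/swap.key luksFormat` consumes it; create it with restricted permissions, e.g. `(umask 077; dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key)`, or add `chmod 0600 /mnt/root/swap.key` before the `luksFormat` line. In the same branch `mkswap -L swap /dev/mapper/cryptswap` hard-codes the mapper name instead of using `$SWAP_NAME`, so changing the variable at the top of the script silently breaks it. `cp -r $(pwd)/.. /mnt/root/nixos-config` copies the entire parent checkout, including any untracked local files, with an unquoted `$(pwd)`; a comment stating that the script must be run from `install/` and quoting the expansion (`"$(pwd)/.."`) would make that explicit. The unchanged `nixos-install -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz` line fetches a moving, unpinned tarball with no hash check; pinning it to a specific commit archive would make the install reproducible and the fetched code auditable.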
diff --git a/modules/applications/packages.nix b/modules/applications/packages.nix index 44cb04e..d5f0f1a 100644 --- a/modules/applications/packages.nix +++ b/modules/applications/packages.nix @@ -19,6 +19,8 @@ with deviceSpecific; { lxqt.pavucontrol-qt bibata-cursors i3lock-fancy + + # mullvad-vpn # Samba support cifs-utils # Utils @@ -30,6 +32,7 @@ with deviceSpecific; { libva-utils lm_sensors libnotify + tree (youtube-to-mpv.override { isLaptop = isLaptop; }) # Other (vivaldi.override { proprietaryCodecs = true; }) diff --git a/modules/default.nix b/modules/default.nix index 76db5bb..9bf01d7 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -22,6 +22,7 @@ ./workspace/xresources.nix ./workspace/barrier.nix ./themes.nix + ./mullvad.nix ./applications.nix ./secrets.nix ./devices.nix diff --git a/modules/filesystems.nix b/modules/filesystems.nix index 47fefa8..26bc238 100644 --- a/modules/filesystems.nix +++ b/modules/filesystems.nix @@ -71,6 +71,8 @@ with deviceSpecific; { { device = if device == "Dell-Laptop" then "/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01" + else if device == "NixOS-VM" then + "/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d" else ""; randomEncryption.enable = true; diff --git a/modules/mullvad.nix b/modules/mullvad.nix new file mode 100644 index 0000000..c02904a --- /dev/null +++ b/modules/mullvad.nix 
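Review bot: The new `NixOS-VM` branch points the swap entry at the raw partition `/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d` while the entry keeps `randomEncryption.enable = true`, yet the installer in this same commit can `luksFormat` `$SWAP_PARTITION` with a stored key when `ENCRYPT_SWAP=true`. As I read it, random encryption sets up its own throwaway-key encryption over the partition on every boot, so the LUKS container and `/mnt/root/swap.key` created by the installer would be unused and the LUKS header overwritten; the two mechanisms should be reconciled — either drop the installer's LUKS swap path or have this entry reference the mapped device with `randomEncryption` off. A comment on the branch stating which scheme `NixOS-VM` is meant to use would spare the next reader the same guesswork. The existing `else ""` fallback also silently yields an empty device for any unknown host; a `throw` with the unknown device name would fail evaluation loudly instead.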
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: +with lib; +let + cfg = config.networking.mullvad; +in { + ###### interface + + options = { + networking.mullvad = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + This option enables mullvad vpn daemon. + ''; + }; + enableOnBoot = mkOption { + type = types.bool; + default = true; + description = '' + When enabled mullvad daemon is started on boot. + ''; + }; + }; + }; + + ###### implementation + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.mullvad-vpn ]; + + systemd.services.mullvad-daemon = { + description = "Mullvad VPN daemon"; + wantedBy = optional cfg.enableOnBoot "multi-user.target"; + wants = [ "network.target" ]; + after = [ + "network-online.target" + "NetworkManager.service" + "systemd-resolved.service" + ]; + startLimitIntervalSec = 20; + serviceConfig = { + ExecStart = "${pkgs.mullvad-vpn}/bin/mullvad-daemon -v --disable-stdout-timestamps"; + Restart = "always"; + RestartSec = 1; + }; + }; + }; + +} \ No newline at end of file diff --git a/modules/network.nix b/modules/network.nix index 2e1a2d5..35b9110 100644 --- a/modules/network.nix +++ b/modules/network.nix @@ -18,6 +18,8 @@ firewall.enable = false; # usePredictableInterfaceNames = false; hostName = config.deviceSpecific.hostName; + + mullvad.enable = true; }; # systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce # "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd. diff --git a/modules/packages.nix b/modules/packages.nix index b15579e..58d9c41 100644 --- a/modules/packages.nix +++ b/modules/packages.nix 
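Review bot: The unit lists `network-online.target` under `after` but only `network.target` under `wants`, so nothing pulls `network-online.target` into the transaction and the ordering against it is a no-op; change `wants = [ "network.target" ];` to `wants = [ "network-online.target" ];` (or add it to the list). `Restart = "always"` with `RestartSec = 1` and `startLimitIntervalSec = 20` but no matching `startLimitBurst` likely means a daemon that exits immediately — for instance because it cannot configure routes — hits the default start limit within a few seconds and stays failed until reset; if that is intended it deserves a comment. The service runs as root with no `ProtectSystem`/`ProtectHome`/`CapabilityBoundingSet` settings; a VPN daemon needs network-admin rights but probably not a writable /usr or /home, though I cannot tell from here what `mullvad-daemon` requires. The file also lacks a trailing newline (`\ No newline at end of file`), and the option descriptions could name what they control, e.g. `description = "Whether to run the mullvad-daemon systemd service.";`.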
@@ -10,6 +10,13 @@ nixpkgs.config = { packageOverrides = pkgs: { i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {}; + # mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec { + # version = "2019.8"; + # src = pkgs.fetchurl { + # url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb"; + # sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz"; + # }; + # }); }; }; } \ No newline at end of file diff --git a/secret.nix.gpg b/secret.nix.gpg index 94c9b51e5b669d9bb89e6f2229f6c838d9d64552..c1356082744be04cb63428ac80271058b1da50ae 100644 GIT binary patch literal 626 zcmV-&0*(EJ0Sp6l8}Crp!Qkxy2mq97_^x@rEF!kqefpNIfKJ-8sytLXJ$aQF+WlCI z2%xh_Tp|MsG^nBRIjlDw)-};q(JvIwi=~_d$h7=o?oW3S6AXFqaaEj zSR!epXBDM|;EDhk>w!DzpoB?4Y|Zx*P~NJDAa86xTuGl}odLt`sv82)Og&T+f*r&4 zg&&Pg6L#i*y&z*>N5+r5UqcX>p7R?tx_KNZk+&Sc2zCG&NRFZHt2R2)X7#=4HauNU z^;TPj@HFf-x;-%x&|(&JB{kB(paEWT1Mg}L6C^WL7!Iv~&-^cEupK28)EePvGPIC4 zQZ!K91J*|P`7H1st>Q)l;`&;mCi+~OC%|36gnFg9Unp>H*TxbKUebl&FHET$SEhrg z^x-NK=~7rMbE2+RvJHr674hPGZJFm=gQS4~KoQHf7nBqJsBVe!x+SP+if@*i9LLqf z){em;tK!~koz+tEi!Mq2F`E#vj_sq}; M`_^myB~EzA#EfCqj9#t@jcVuli#g8_kVbap{R$hW`K4ztd92OkL90dM2uG$F$=|? z*?}oKck73&NS8H<1UC0#$S!|EO>m+!8{?Wfgph5PF99MLuN^n{1&|EjM-^-@ zkB~pb-<8hsf*0a62S9HW_7$79094}}o=CmCD}TAnHxz`ilMukwM?#aD`0npt4@H5s z%o{RBOWK0oup1vU`sHO>rW-Ws<-G)f9!C-#*NSUFFbQQF2?7h?RC^ zStjS8(KVF)dNH^?wTW?s1GClz0diuh)WQ1X4G$8HRGwv4eUHsJ^bzI0KyQ!wQr_S8 zRr+HXj{+o6-1UjXu<0k%toFwDx*e-|(p4BNcSUu?;;ZX4sp>x*K8(s21en*aa+
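Review bot: The `mullvad-vpn` override is added entirely commented out, including a `fetchurl` `url` and `sha256` for an upstream `.deb`; commented-out code of this kind tends to be un-commented later without re-checking the hash against the release actually being fetched. Either delete the block (git history keeps it) or reduce it to a one-line comment saying why the override is inactive, e.g. `# mullvad-vpn: override disabled, the nixpkgs package is used; see git history for a fetchurl-based version pin`. The file also ends without a trailing newline (`\ No newline at end of file`).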